1 Reply Latest reply: Apr 29, 2010 1:12 PM by Stupoo

    Infected by a virus and weird looking text file....

      Hey, my McAfee realtime keeps getting turned off, same with all my other antiviruses. When I do scans I find infected files which are removed, but I still have this problem.

       

      ( I can't boot in normal mode, only safe mode )

       

      I found this weird notepad file too...

       

      12/29/2009 19:41:32 - PFRO Error: \??\D:\Windows\WindowsUpdate.log, |delete operation|, 0xc000003a
      12/29/2009 19:41:32 - 0 Successful PFRO operations

       

      12/29/2009 19:45:40 - PFRO Error: \??\C:\Windows\NV15761896.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 19:45:40 - PFRO Error: \??\C:\Windows\NV19921968.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 19:45:40 - PFRO Error: \??\C:\Windows\NV17721960.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 19:45:40 - PFRO Error: \??\C:\Windows\NV18121968.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 19:45:40 - PFRO Error: \??\C:\Windows\NV22002208.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 19:45:40 - 0 Successful PFRO operations

       

      12/29/2009 20:12:10 - PFRO Error: \??\C:\Windows\NV24242432.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 20:12:10 - PFRO Error: \??\C:\Windows\NV24082628.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 20:12:10 - PFRO Error: \??\C:\Windows\NV22442800.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 20:12:10 - PFRO Error: \??\C:\Windows\NV16281656.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 20:12:10 - PFRO Error: \??\C:\Windows\NV16161132.TMP\nvsvc.ini, |delete operation|, 0xc000003a
      12/29/2009 20:12:11 - 42 Successful PFRO operations

       

      1/15/2010 7:17:19 - PFRO Error: \??\C:\Users\Stuart\AppData\Local\Temp\SiteAdvisor\mcinst.exe, |delete operation|, 0xc0000034
      1/15/2010 7:17:20 - PFRO Error: \??\C:\Users\Stuart\AppData\Local\Temp\SiteAdvisor\mcinst.exe, |delete operation|, 0xc0000034
      1/15/2010 7:17:20 - 155 Successful PFRO operations

       

      1/15/2010 7:38:41 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a
      1/15/2010 7:38:41 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\mcinst.exe, |delete operation|, 0xc000003a
      1/15/2010 7:38:41 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\mpf\mcinst.exe, |delete operation|, 0xc000003a
      1/15/2010 7:38:41 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe, |delete operation|, 0xc000003a
      1/15/2010 7:38:41 - PFRO Error: \??\C:\Program Files (x86)\McAfee\MPS\mpsres.dll, |delete operation|, 0xc0000034
      1/15/2010 7:38:41 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\mps\mcinst.exe, |delete operation|, 0xc000003a
      1/15/2010 7:38:41 - 121 Successful PFRO operations

       

      1/15/2010 15:41:0 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.exe, |delete operation|, 0xc0000034
      1/15/2010 15:41:0 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPIPS.dll, |delete operation|, 0xc0000034
      1/15/2010 15:41:0 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.exe, |delete operation|, 0xc0000034
      1/15/2010 15:41:0 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPIPS.dll, |delete operation|, 0xc0000034
      1/15/2010 15:41:0 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.exe, |delete operation|, 0xc0000034
      1/15/2010 15:41:0 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPIPS.dll, |delete operation|, 0xc0000034
      1/15/2010 15:41:0 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.exe, |delete operation|, 0xc0000034
      1/15/2010 15:41:0 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPIPS.dll, |delete operation|, 0xc0000034
      1/15/2010 15:41:0 - 0 Successful PFRO operations

       

      1/15/2010 18:49:50 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\MSC\mcutil\9,15,101,0\mcutil.dll, |delete operation|, 0xc000003a
      1/15/2010 18:49:50 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\MSC\mcutil\9,15,101,0, |delete operation|, 0xc000003a
      1/15/2010 18:49:50 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\MSC\mcutil, |delete operation|, 0xc0000034
      1/15/2010 18:49:50 - 80 Successful PFRO operations

       

      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.exe, |delete operation|, 0xc0000034
      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPIPS.dll, |delete operation|, 0xc0000034
      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.exe, |delete operation|, 0xc0000034
      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPIPS.dll, |delete operation|, 0xc0000034
      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.exe, |delete operation|, 0xc0000034
      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPIPS.dll, |delete operation|, 0xc0000034
      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\McAfee\MPS\mpsres.dll, |delete operation|, 0xc0000034
      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.exe, |delete operation|, 0xc0000034
      1/16/2010 9:19:20 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPIPS.dll, |delete operation|, 0xc0000034
      1/16/2010 9:19:21 - 99 Successful PFRO operations

       

      1/17/2010 8:41:38 - PFRO Error: \??\C:\Users\Stuart\AppData\Local\SupportSoft\, |delete operation|, 0xc0000101
      1/17/2010 8:41:38 - PFRO Error: \??\C:\Windows\TEMP\SiteAdvisor\mcinst.exe, |delete operation|, 0xc0000034
      1/17/2010 8:41:38 - 54 Successful PFRO operations

       

      2/18/2010 15:26:39 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a
      2/18/2010 15:26:39 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\mcinst.exe, |delete operation|, 0xc000003a
      2/18/2010 15:26:39 - 6 Successful PFRO operations

       

      3/11/2010 9:51:58 - PFRO Error: \??\C:\Users\Stuart\AppData\Local\Temp\{3B61CF66-F8A5-46C4-8573-CA5488E42AC0}, |delete operation|, 0xc0000101
      3/11/2010 9:51:58 - 4 Successful PFRO operations

       

      3/24/2010 22:36:23 - PFRO Error: \??\C:\Windows\TEMP\SiteAdvisor\mcinst.exe, |delete operation|, 0xc0000034
      3/24/2010 22:36:23 - 154 Successful PFRO operations

       

      4/1/2010 15:38:18 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\mcinst.exe, |delete operation|, 0xc000003a
      4/1/2010 15:38:18 - 1 Successful PFRO operations

       

      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch\HWAPI.dll, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\HackerWatch, |delete operation|, 0xc0000034
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\vso\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\mpf\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\msk\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\mps\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - PFRO Error: \??\C:\PROGRA~3\McAfee\MSC\Updates\Installs\1\mhn\mcinst.exe, |delete operation|, 0xc000003a
      4/29/2010 15:33:30 - 33 Successful PFRO operations

       

       

       

      4/29/2010 15:33:3 is the time I booted my computer, and at that moment I found out I couldn't boot into normal Windows 7.

       

      Please help.
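
      For readers triaging a log like the one above: it has the format of the Windows PFRO log, which records pending file rename/delete operations processed at boot. The following is an added example, not part of the original post, that groups the entries by boot pass and decodes the three NTSTATUS codes that appear in it; the function names and the choice of sample lines are this example's own.

```python
import re
from collections import Counter

# NTSTATUS codes seen in the posted log (names as defined in ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000101: "STATUS_DIRECTORY_NOT_EMPTY",
}
TS = r"^\s*(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+) - "
# The path is matched lazily up to ", |" because paths may contain commas.
ERROR_RE = re.compile(TS + r"PFRO Error: \\\?\?\\(?P<path>.+?), \|(?P<op>[^|]+)\|, (?P<status>0x[0-9a-fA-F]+)\s*$")
SUMMARY_RE = re.compile(TS + r"(?P<n>\d+) Successful PFRO operations\s*$")

# Lines excerpted from the log in the post above.
SAMPLE = r"""
1/15/2010 18:49:50 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\MSC\mcutil\9,15,101,0\mcutil.dll, |delete operation|, 0xc000003a
1/15/2010 18:49:50 - PFRO Error: \??\C:\Program Files (x86)\Common Files\McAfee\MSC\mcutil, |delete operation|, 0xc0000034
1/15/2010 18:49:50 - 80 Successful PFRO operations
1/17/2010 8:41:38 - PFRO Error: \??\C:\Users\Stuart\AppData\Local\SupportSoft\, |delete operation|, 0xc0000101
1/17/2010 8:41:38 - PFRO Error: \??\C:\Windows\TEMP\SiteAdvisor\mcinst.exe, |delete operation|, 0xc0000034
1/17/2010 8:41:38 - 54 Successful PFRO operations
"""

def parse_pfro(text):
    """Group entries into boot passes; a pass ends at its 'Successful' line."""
    passes, errors = [], []
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            errors.append((m["path"], m["op"], int(m["status"], 16)))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            passes.append({"ts": m["ts"], "ok": int(m["n"]), "errors": errors})
            errors = []
    return passes

def triage(passes):
    """Per pass: failure counts by NTSTATUS name and the distinct failing paths."""
    return [{
        "ts": p["ts"], "ok": p["ok"],
        "by_status": dict(Counter(NTSTATUS.get(s, hex(s)) for _, _, s in p["errors"])),
        "paths": sorted({path for path, _, _ in p["errors"]}),
    } for p in passes]

if __name__ == "__main__":
    for r in triage(parse_pfro(SAMPLE)):
        print(r)
```

      The two "not found" codes mean the file or folder scheduled for deletion was already absent at boot; STATUS_DIRECTORY_NOT_EMPTY means a folder could not be removed because it still had contents.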

        • 1. Re: Infected by a virus and weird looking text file....

          Also I found the security log, which I'm not sure about,

           

          -------------------------------------------
          Monday, July 13, 2009 9:48:54 PM
              Administrative privileged user logged on.
              Parsing template defltbase.inf.
          ----Configuration engine was initialized successfully.----

           

          ----Reading Configuration Template info...

           


          ----Configure User Rights...
                  SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
                  SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
              Configure S-1-5-32-546.
                  remove SeInteractiveLogonRight.
              Configure S-1-5-32-547.
                  remove SeNetworkLogonRight.
                  remove SeSystemtimePrivilege.
                  remove SeRemoteShutdownPrivilege.
                  remove SeIncreaseBasePriorityPrivilege.
                  remove SeInteractiveLogonRight.
                  remove SeProfileSingleProcessPrivilege.
                  remove SeShutdownPrivilege.
                  remove SeRemoteInteractiveLogonRight.

           

          It's removed rights or something O_o or is it me getting nervous??